CWmike writes: The Zeus botnet is now using an unpatched flaw in Adobe's PDF document format to infect users with malicious code, security researchers said Thursday. The attacks come less than a week after other experts predicted that hackers would soon exploit the '/Launch' design flaw in PDF documents to install malware on unsuspecting users' computers. The just-spotted Zeus variant uses a malicious PDF file that embeds the attack code in the document, said Dan Hubbard, CTO of security company Websense. When users open the rogue PDF, they're asked to save a PDF file called 'Royal_Mail_Delivery_Notice.pdf.' That file, however, is actually a Windows executable that when it runs, hijacks the PC. Zeus is the first major botnet to exploit a PDF's
/Launch feature, which is, strictly speaking, not a security vulnerability but actually a by-design function of Adobe's specification. Adobe declined to answer questions whether Zeus' use of /Launch in rigged PDFs would prompt the company to release a patch for Reader and Acrobat, although it said a change to the functionality might 'conceivably [be made] available during one of the regularly scheduled quarterly product updates.' Previously, Adobe has acknowledged that Stevens' attack used a legitimate feature of Reader and Acrobat, and urged users to change Reader's and Acrobat's settings to disable the vulnerable feature.